Experiencing the mixed content error while trying to load facebook application - facebook

I've got my application on Facebook. It's working on HTTPS. Recently I've set up an Apache reverse proxy. The proxy redirects from HTTPS to HTTP port 8080 of Tomcat. The game works if accessed directly, but if accessed from Facebook there is an error:
Mixed Content: The page at
'https://apps.facebook.com/pennantrace/?fb_source=bookmark&ref=bookmarks&count=0&fb_bmpos=_0'
was loaded over HTTPS, but requested an insecure form action
'http://thepennantrace.com/'. This request has been blocked; the
content must be served over HTTPS.
UPDATE 1:
I've set Spring Social Facebook's canvas controller's post-login URL to "https://..."; now it works, but Tomcat is redirecting the call to https://...com to http://....com/resources/index.html
It seems like all redirects from Tomcat are passed as they are (http) without changing the protocol to https.

I fixed it by setting Apache to use X-Forwarded-Proto and Tomcat to respond to that correctly.

Related

How to force HTTPS on routes in Play Framework

Using Play Framework 2.5.6
I have secured my application with SSL.
Now that the page is loaded over HTTPS, I found this error:
Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘’. This request has been blocked; the content must be served over HTTPS.
This is because on the page I use REST endpoints (HTTP) to fetch data.
I have multiple REST endpoints to fetch the data.
Is there any support that I can configure in one place, like application.config, so that all REST endpoints in routes will use HTTPS instead of HTTP?

HTTP to HTTPS forward some requests in HAProxy

Currently all traffic is coming to the backend servers, which are running on port 80. However, we want to redirect some pages to HTTPS. This means that whenever the customer hits the login page or logout page present in the website, it should be redirected to HTTPS.
When a customer hits the login button it redirects to HTTPS, but using HAProxy it doesn't work.
https://XXXXXXXX.com/customer/account/login/
We have already installed SSL on both servers.
However, redirection is not working from HTTP to HTTPS.
Please suggest what I should try.
It would be best to use HAProxy to terminate the SSL and talk to the backend servers via HTTP rather than having both HAProxy and the web server doing SSL.
There is a good SSL setup tutorial here https://www.digitalocean.com/community/tutorials/how-to-implement-ssl-termination-with-haproxy-on-ubuntu-14-04

NGINX is redirecting on HTTP application for every 302 request on HTTPS application

I have a couple of applications, one running on HTTPS (ssl.demo.com) and the other on HTTP (nossl.demo.com). Here is how the configuration for each application looks:
https application (https://gist.github.com/meetme2meat/572a1d8c70234d28d4e0)
http application (https://gist.github.com/meetme2meat/d6ce43d529f5a4e275a7)
Now, as far as I can see, every redirection (i.e. a 30x response code) causes nginx to redirect to the http application.
Example:
When on https://ssl.demo.com, any 302 request (let's say a 302 to /path1) causes nginx to redirect the above path to http://ssl.demo.com/path1 instead of https://ssl.demo.com/path1. (The problem is that although the domain looks good without the scheme (http instead of https in the above case), the path is internally served by the nossl application instead of ssl.)
Any clue what needs to be done here?

Avoid HTTP to HTTPS redirection in Weblogic

I have a web application running on Weblogic. The HTTPS URL to this application is https://localhost:7002/MyApp.
Whenever I am changing the URL in the address bar to http://localhost:7002/MyApp, it automatically redirects to the original HTTPS based URL.
My requirement is to take the user to some kind of custom error page, if they request the HTTP URL. For example, http://localhost:7002/MyApp should redirect to https://localhost:7002/MyApp/error.jsp.
Is this redirection possible to configure in Weblogic?
You mentioned that your https URL is:
https://localhost:7002/MyApp
And assuming that your http URL is:
http://localhost:7001/MyApp
When you say you change the https URL in browser to:
http://localhost:7002/MyApp
This is incorrect. If you provide such a URL, WLS will accept the request on secure port 7002 but will fail to identify the protocol (it expected https but you gave http). Instead of a redirection, you would get some error in the browser and definitely the following error in the WLS logs:
<May XX, 2013 XX:XX:17 PM IST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer XXXXXXXXXXXXXX - 192.169.0.100 instead of an SSL handshake.>
I assume you are changing the URL to:
http://localhost:7001/MyApp
Please correct/update your issue description.
Now onto your requirement, it seems nearly impossible to do this via WLS configuration.
As a workaround, you can create a servlet filter and call isSecure on ServletRequest to determine whether the request was made using secure protocol or not. If you find it was not, then you can redirect to some custom page. And you would also need to disable this automatic redirection to https that you have reported for your application.
Ref: http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#isSecure%28%29

Is it possible to put files other than index.jsp on SSL using Heroku?

I use Heroku to host my Facebook application. The app works fine. The only thing is that my app depends on two files, namely index.jsp and result.jsp.
Now, by default the index.jsp file is served over secure SSL (https), but when my application redirects the user to result.jsp, it is loaded over http (not over SSL).
Is there any way I can put the other file (i.e. result.jsp) on SSL too?
Are there any Git commands for that?
You will need to manually detect whether the user has accessed a non-https url using the x-forwarded-proto http request header and then redirect them to the https url.
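
One way to write the check that this answer and the WebLogic answer above describe, as an added example that is not part of either original answer: a servlet filter that treats a request as secure when isSecure() is true or the proxy sent X-Forwarded-Proto: https, and otherwise redirects to the HTTPS URL. The class name, the httpsBase init-param and the sample origin are assumptions, as is a proxy that overwrites the header on every request.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (javax.servlet API). Assumes the container is reachable only
// through a TLS-terminating proxy that overwrites X-Forwarded-Proto itself;
// otherwise any client could send the header and skip the redirect.
public class RequireHttpsFilter implements Filter {
    private String httpsBase; // e.g. "https://app.example.com" (constructed value)

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "httpsBase" is a hypothetical init-param name chosen for this example.
        httpsBase = cfg.getInitParameter("httpsBase");
        if (httpsBase == null || !httpsBase.startsWith("https://")) {
            throw new ServletException("httpsBase init-param must be an https:// origin");
        }
    }

    // True if the browser-facing hop used TLS: either the container terminated
    // it (isSecure) or the proxy in front reports that it did.
    static boolean clientUsedTls(HttpServletRequest req) {
        return req.isSecure()
            || "https".equalsIgnoreCase(req.getHeader("X-Forwarded-Proto"));
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (clientUsedTls(req)) {
            chain.doFilter(rq, rs);
            return;
        }
        String method = req.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // A redirect would replay the request as GET and drop the body.
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // Target is built from configuration, not from the Host header.
        String query = req.getQueryString();
        res.sendRedirect(httpsBase + req.getRequestURI() + (query == null ? "" : "?" + query));
    }

    @Override
    public void destroy() { }
}
```

To send plain-HTTP visitors to a custom page instead, as in the WebLogic question, replace the redirect target with the HTTPS URL of that page.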